
Design And Implementation Of Network Sniffer Based On WinPcap

Posted on: 2011-02-27  Degree: Master  Type: Thesis
Country: China  Candidate: C Y Zhang  Full Text: PDF
GTID: 2178360332457305  Subject: Software engineering
Abstract/Summary:
With the rapid development of information technology, the security of information on a network is increasingly under threat. Government agencies, companies and other organizations keep confidential and sensitive data in their internal computer systems, so the data traversing their networks is exposed to hackers and malicious software. Network monitoring, which covers the capture, inspection and analysis of traffic, has therefore become an indispensable tool of network security.

WinPcap is a development package for network data acquisition. It is powerful, works directly with the network card, and is designed to capture packets at the lowest network layer. WinPcap offers a range of API functions that give Windows programs different programming interfaces, so that users can easily access the raw contents of network traffic. It uses the BPF kernel mechanism in place of the earlier CSPF mechanism, which effectively improves packet-filtering speed, and it adopts a circular buffer pool in NPF so that several packets can be copied in a single operation. WinPcap supports receiving and sending raw packets, bypassing the TCP/IP protocol stack and hiding the details of the underlying hardware; it also encapsulates a feature-rich API for the Windows platform, and its open source code makes it easy for users to understand and build on.

This paper first introduces the OSI model, Ethernet, frame composition and a number of related protocols. It gives the structure and function of each OSI layer, the general packet formats and encapsulation process of IP, UDP, TCP and other protocols, and describes the "handshake" procedures by which a TCP connection is established and torn down.

Secondly, the paper describes the parts of WinPcap technology relevant to this work, including the concept of WinPcap and the functional structure and composition of its framework. Because WinPcap consists of a kernel-mode core module and user-mode dynamic library files, this part gives a detailed description of how the WinPcap kernel works and of the functions of Libpcap. We also point out that the register-based BPF filter and independent block buffer technique achieve higher efficiency than earlier packet-filtering algorithms.

Finally, the paper presents the design of the main modules of the system and the simulation and testing procedures carried out. The experimental results show that the network data acquisition system has a simple design, executes quickly and analyzes protocols efficiently, so that the cooperation of its three modules monitors network data well. By capturing and analyzing data packets, the system enables security monitoring of all hosts in a LAN and thus better safeguards the security of the network.
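As an added illustration of the protocol-analysis step described above (example code written for this page, not from the thesis), the C function below decodes the Ethernet, IPv4 and TCP/UDP headers of one captured frame the way a sniffer's analysis module would, checking bounds before every field read; the frame bytes are a constructed sample, and the function and struct names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Decoded summary of one captured frame, filled in by parse_frame(). */
typedef struct {
    uint16_t ethertype, src_port, dst_port;
    uint32_t src_ip, dst_ip;       /* host byte order */
    uint8_t  ip_proto, tcp_flags;  /* proto 6 = TCP, 17 = UDP; flags TCP only, SYN = 0x02 */
} frame_info;

/* Network byte order (big-endian) field readers. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Walk Ethernet -> IPv4 -> TCP/UDP headers. Every offset is checked against caplen before it
 * is read: a frame may be truncated by the snapshot length or carry a bogus IHL, and a sniffer
 * that trusts header fields is itself an attack surface. Returns 0 ok, 1 non-IPv4, -1 malformed. */
int parse_frame(const uint8_t *pkt, size_t caplen, frame_info *out)
{
    memset(out, 0, sizeof *out);
    if (caplen < 14) return -1;                   /* Ethernet header: dst, src, type */
    out->ethertype = rd16(pkt + 12);
    if (out->ethertype != 0x0800) return 1;       /* not IPv4: nothing more to decode here */
    const uint8_t *ip = pkt + 14;
    size_t left = caplen - 14;
    if (left < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;      /* IHL is counted in 32-bit words */
    if (ihl < 20 || ihl > left) return -1;        /* illegal IHL, or options cut off */
    out->ip_proto = ip[9];
    out->src_ip = rd32(ip + 12);
    out->dst_ip = rd32(ip + 16);
    const uint8_t *l4 = ip + ihl;
    left -= ihl;
    if (out->ip_proto == 6) {                     /* TCP: ports, then flags at offset 13 */
        if (left < 20) return -1;
        out->src_port = rd16(l4); out->dst_port = rd16(l4 + 2);
        out->tcp_flags = l4[13];
    } else if (out->ip_proto == 17) {             /* UDP: 8-byte header, ports first */
        if (left < 8) return -1;
        out->src_port = rd16(l4); out->dst_port = rd16(l4 + 2);
    }
    return 0;
}

/* Constructed sample (not captured traffic): Ethernet/IPv4/TCP SYN 192.168.1.10:40000 -> 10.0.0.5:80. */
const uint8_t sample_syn[54] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xAA,0xBB, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00, 0xC0,0xA8,0x01,0x0A, 0x0A,0x00,0x00,0x05,
    0x9C,0x40, 0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00, 0x50,0x02, 0xFF,0xFF, 0x00,0x00, 0x00,0x00
};
```

Feeding `sample_syn` to `parse_frame` yields protocol 6, 192.168.1.10:40000 to 10.0.0.5:80 with the SYN flag set, while the same bytes cut to 30 octets are rejected as truncated.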
Keywords/Search Tags: Windows Packet Capture, Band Pass Filter, core state, library file